Slide 1 E-Science: The Impact of Science DMZs on Research Presenter: Alex Berryman Performance Engineer, OARnet Paul Schopis, Marcio Faerman.

Presentation transcript:

Slide 1 E-Science: The Impact of Science DMZs on Research Presenter: Alex Berryman Performance Engineer, OARnet Paul Schopis, Marcio Faerman OARnet, Ohio Supercomputer Center

Slide 2 Context and Motivation
The goal of the NSF CC-NIE project is to improve the last-mile connectivity for e-Science applications that exist all over campus
– The last mile is considered the area of the network that extends from the university's central IT level down to the individual departments
– A large number of e-Science applications exist outside of data centers and labs where high-speed connections are normally found

Slide 3 Areas of Impact
The e-Science applications that benefit from the Science DMZ architecture are those that involve interactive collaboration tools and local visualization of data
Medicine
– Remote physical therapist conducting exercises with patients, removing the need to travel
– Collaborative review and processing of patient records
Physics
– Remote instrumentation and control of electron microscopes from the classroom
– Transfer simulation data from supercomputer center to lab workstations for better interactive visualization

Slide 4 Collaboration Efforts
Brazil Gateway with the Ohio State University
– Project between University of Sao Paulo and OSU
  Prof. Tereza Carvalho, LARC USP
– Gathering current baseline of network performance using perfSONAR monitoring
– Evaluate the interoperability of US and Brazil Science DMZs
  Dynamic Layer 2 circuits compatibility will be tested
– More info

Slide 5 Role of the Performance Engineer
The purpose of the Science DMZ is to accelerate the research efforts on campus, not just build faster networks
e-Science applications rely on interconnectivity of multiple domains and layers that can affect performance
– Is this a hardware or network issue?
– Network path: Department -> Central -> Regional -> National -> International Networks
The performance engineer is a resource for researchers to troubleshoot current issues and for planning future research proposals

Slide 6 Science DMZ Design at OSU
Two Connection Models:
– Low Friction Layer 3
– Layer 2 Circuit (AL2S)
Component:
– Cisco Nexus 7000 (100Gig)
– NEC PF5820 (40Gig)
– Campus OpenFlow Switches (10Gig)
– Data Transfer Node (10Gig)

Slide 7 Connection Models
Low-Friction Layer 3 connectivity
– Separate business ( , grades) traffic from research flows. This allows research traffic to bypass the firewalls that are required for day-to-day operations in a normal network
– Useful in applications that support normal TCP/IP traffic
Dynamic Layer 2 Circuits
– Some applications only work at Layer 2
  Emerging data transfer protocols (RoCE)
  GENI dataplane connectivity
  Remote instrumentation tools

Slide 8 Researcher Network-as-a-Service Dashboard
Researcher uses Shibboleth credentials to define Application and end points. Researchers also classify the data's privacy type.
After approval, Performance Engineer pushes endpoint info into a RESTful API that is polled by OpenFlow controller.
Real-time software-defined network monitoring of critical network parameters for bottleneck identification and troubleshooting

Slide 9 Multi-physics Use Case (Low Friction Layer 3)
Researchers in OSU's ME Department move large files to and from HPC at WPAFB in Dayton, OH (80 miles west of Central Ohio).
Problems were discovered at different layers:
1. Transfers of 80Gb files take over 12 hours
2. Hosts are using shared and firewalled 1Gig connection
3. The DREN path was not being correctly advertised to OSU by OARnet and was going all the way to Los Angeles
4. Researchers are using SCP
Planned Actions:
1. Use OpenFlow to switch research traffic onto a non-firewalled dedicated fiber to OSU core
2. Correct BGP Peering so OSU uses OARnet's direct connection to DREN
3. Still using SCP due to lack of control on DoD HPC side
Transfers currently take under two hours, but we are working on improving this further.

Slide 10 Multi-physics Topology (Low Friction Layer 3)

Slide 11 Biomedical Use Case (Layer 2 Circuit)
Transfer Neuroblastoma cell images from University of Missouri for processing at OSU using custom ADTS tool:
– Supports RDMA over converged Ethernet (RoCE)
– Falls back to TCP-based transfers if necessary
RoCE Protocol Requirements:
– Layer 2 Connection
– RDMA compatible network cards
– 10Gig bandwidth
– Lowest latency possible

Slide 12 Science DMZ Security
Real-time utilization and event monitoring using sFlow
If sFlow detects an event, the traffic flow is mirrored to a Bro Cluster for packet inspection
– Bro Cluster is capable of monitoring ~40Gbit/s
– Once a flow from the 100Gbit link is deemed safe, or not malicious, it can be removed from the Bro Cluster
All flows are tied to an application in Science DMZ Dashboard
– This dashboard maintains the identity of the application owner and who approved the access in case security concerns arise
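
The mirror-on-event workflow from Slide 12, modelled as an added example (not code from the presentation or from OSU/OARnet): flagged flows are mirrored only while the inspection cluster stays within its ~40 Gbit/s budget, cleared flows are released, and a malicious verdict returns the dashboard's owner and approver. The class and field names, and the queueing of flows that do not fit, are assumptions.

```python
from dataclasses import dataclass, field

BRO_CAPACITY_GBPS = 40.0  # slide figure: the Bro cluster monitors ~40 Gbit/s

@dataclass
class Flow:
    flow_id: str
    app: str          # application registered in the dashboard (hypothetical field)
    owner: str        # application owner recorded by the dashboard
    approver: str     # who approved the access
    rate_gbps: float  # rate estimated from sFlow samples

@dataclass
class MirrorManager:
    capacity_gbps: float = BRO_CAPACITY_GBPS
    mirrored: dict = field(default_factory=dict)
    deferred: list = field(default_factory=list)

    def load(self):
        return sum(f.rate_gbps for f in self.mirrored.values())

    def _fits(self, flow):
        return self.load() + flow.rate_gbps <= self.capacity_gbps

    def on_sflow_event(self, flow):
        """Mirror a flagged flow if the cluster has headroom, else queue it."""
        if flow.flow_id in self.mirrored or flow in self.deferred:
            return "already-tracked"
        if self._fits(flow):
            self.mirrored[flow.flow_id] = flow
            return "mirrored"
        self.deferred.append(flow)  # assumption: slides do not say what happens at capacity
        return "deferred"

    def on_verdict(self, flow_id, malicious):
        """Release a cleared flow, or escalate with the dashboard identity."""
        flow = self.mirrored[flow_id]
        if malicious:  # keep inspecting; hand responders the owner and approver
            return {"action": "escalate", "app": flow.app,
                    "owner": flow.owner, "approver": flow.approver}
        del self.mirrored[flow_id]
        for queued in list(self.deferred):  # freed capacity admits queued flows in order
            if self._fits(queued):
                self.deferred.remove(queued)
                self.mirrored[queued.flow_id] = queued
        return {"action": "released", "app": flow.app}
```
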

Slide 13 Thank you! Questions? Contact –Alex Berryman, Performance Engineer, OARnet